using Microsoft.AspNetCore.Mvc;
using UniversalAdminSystem.Application.Common.Results;
using UniversalAdminSystem.Application.PermissionManagement.Interfaces;
using UniversalAdminSystem.Api.Attributes;

namespace UniversalAdminSystem.Api.Controllers;

/// <summary>
/// 用户角色管理控制器
/// 提供用户角色分配和管理功能
/// </summary>
[ApiController]
[Route("api/users")]
public class UserRoleController : ControllerBase
{
    private readonly IPermissionCheckService _permissionCheckService;

    public UserRoleController(IPermissionCheckService permissionCheckService)
    {
        _permissionCheckService = permissionCheckService;
    }

    /// <summary>
    /// 获取用户的所有权限
    /// </summary>
    [HttpGet("{userId}/permissions")]
    [RequirePermission("user:Read")]
    public async Task<IActionResult> GetUserPermissionsAsync(Guid userId)
    {
        try
        {
            var permissions = await _permissionCheckService.GetUserPermissionsAsync(userId);
            var result = Result<IEnumerable<string>>.Success(permissions);
            return Ok(result);
        }
        catch (Exception ex)
        {
            var result = Result<IEnumerable<string>>.Failure($"获取用户权限失败: {ex.Message}");
            return BadRequest(result);
        }
    }

    /// <summary>
    /// 获取用户的所有角色
    /// </summary>
    [HttpGet("{userId}/roles")]
    [RequirePermission("user:Read")]
    public async Task<IActionResult> GetUserRolesAsync(Guid userId)
    {
        try
        {
            var roles = await _permissionCheckService.GetUserRoleAsync(userId);
            var result = Result<IEnumerable<string>>.Success(roles);
            return Ok(result);
        }
        catch (Exception ex)
        {
            var result = Result<IEnumerable<string>>.Failure($"获取用户角色失败: {ex.Message}");
            return BadRequest(result);
        }
    }

    /// <summary>
    /// 检查用户是否有指定权限
    /// </summary>
    [HttpPost("{userId}/permissions/check")]
    [RequirePermission("user:Read")]
    public async Task<IActionResult> CheckUserPermissionAsync(Guid userId, [FromBody] string permissionCode)
    {
        try
        {
            var hasPermission = await _permissionCheckService.CheckUserPermissionAsync(userId, permissionCode);
            var result = Result<bool>.Success(hasPermission);
            return Ok(result);
        }
        catch (Exception ex)
        {
            var result = Result<bool>.Failure($"检查用户权限失败: {ex.Message}");
            return BadRequest(result);
        }
    }

    /// <summary>
    /// 检查用户是否有任意一个指定权限
    /// </summary>
    [HttpPost("{userId}/permissions/check-any")]
    [RequirePermission("user:Read")]
    public async Task<IActionResult> CheckUserAnyPermissionAsync(Guid userId, [FromBody] List<string> permissionCodes)
    {
        try
        {
            var hasPermission = await _permissionCheckService.CheckUserAnyPermissionAsync(userId, permissionCodes);
            var result = Result<bool>.Success(hasPermission);
            return Ok(result);
        }
        catch (Exception ex)
        {
            var result = Result<bool>.Failure($"检查用户权限失败: {ex.Message}");
            return BadRequest(result);
        }
    }

    /// <summary>
    /// 检查用户是否有所有指定权限
    /// </summary>
    [HttpPost("{userId}/permissions/check-all")]
    [RequirePermission("user:Read")]
    public async Task<IActionResult> CheckUserAllPermissionsAsync(Guid userId, [FromBody] List<string> permissionCodes)
    {
        try
        {
            var hasPermission = await _permissionCheckService.CheckUserAllPermissionsAsync(userId, permissionCodes);
            var result = Result<bool>.Success(hasPermission);
            return Ok(result);
        }
        catch (Exception ex)
        {
            var result = Result<bool>.Failure($"检查用户权限失败: {ex.Message}");
            return BadRequest(result);
        }
    }
} 